Page MenuHomeVyOS Platform

dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1
Closed, ResolvedPublicFEATURE REQUEST

Description

Fix CVE-2023-48795: (terrapin attack): The SSH transport protocol with certain OpenSSH extensions allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. (Closes: #1059001)

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Package upgrade

Event Timeline

c-po renamed this task from dropbear: package upgrade 2022.83-1+deb12u1 to dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1.
c-po changed the task status from Open to In progress.
c-po claimed this task.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.